Identity management is a concept that is still maturing. Microsoft is a proponent of an identity management model called "claims-based," in which a user's attributes (such as role and rights) are expressed as a set of signed statements, called claims, made by an issuer the application trusts. Microsoft has released a beta of a set of tools code-named Zermatt, a big step toward helping developers build claims-based identity applications that can plug into a reusable Identity Metasystem. A story in Network World reports:
Code-named Zermatt, the tools are a new extension to the .Net Framework 3.5 that helps developers more easily build applications that incorporate a claims-based identity model for authentication/authorization. ... Claims, which are part of the architecture, are used by systems to make such decisions as who gets access, who can retrieve content or who can complete transactions. Data contained in the claims can come from Active Directory, LDAPv3-based directories, application-specific databases and new user-centric identity models such as LiveID, OpenID and InfoCard systems including Microsoft's CardSpace and Novell's Digital Me.
The ultimate goal is that applications (off-the-shelf or custom coded) can plug into this identity metasystem the way applications plug into an operating system and, through it, reach any resource the OS can drive. With this tool, Microsoft is putting the weight of its developer base behind the claims-based identity model. That is a practical step, and one that has served Microsoft well many times before.
The claims-based model is well understood and generally accepted within the industry as a viable concept (IBM, for example, is also building Security Token Services). But just as an OS is nearly useless without applications to run on it, the claims-based model needs applications in order to fulfill its mission: a heterogeneous identity (meta)system.
Enter Zermatt, which is geared toward an application developer who wants to build claims awareness into a Windows application. For the developer, the tool removes the headache of having to create an authentication/authorization system or user data store for every app that is built. For IT, this tool, and ultimately an Identity Metasystem, means consistency. If the application needs changes to its access controls, that can be done without touching the core application code. What changes are the claims the application requires before it grants access, such as the person's role ("I am a manager") or the person's specific rights ("I have $90K of purchasing authority"). The application still has to trust the right source: a claim is only as good as the Security Token Service that issued it, so the application must verify that each claim it acts on came from a trusted issuer rather than from the user.
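The separation described above, with the access policy kept outside the business logic and only claims from a trusted issuer honored, as an added example in C# that is not from the article and not Zermatt's own code. It uses the System.Security.Claims types that later versions of .NET ship (an assumption here; the Zermatt beta's own namespaces are not shown on the page). The issuer URL, the purchasing-limit claim type, the policy table and both test subjects are constructed for the example.

```csharp
// Added example (not from the article or from Zermatt): a claims-based
// authorization check. Uses System.Security.Claims (.NET Framework 4.5+ / .NET),
// not the Zermatt beta API the article describes.
using System;
using System.Collections.Generic;
using System.Security.Claims;

static class ClaimsDemo
{
    // Assumed names: the STS this application trusts, and a custom claim type
    // carrying a purchasing limit in dollars.
    const string TrustedIssuer = "https://sts.example.com";
    const string PurchasingLimitClaim = "http://schemas.example.com/claims/purchasing-limit";

    // The access policy lives outside the application code: operation -> rule over claims.
    // Changing who may do what means editing this table (or loading it from configuration),
    // not the business logic that calls Authorize().
    static readonly Dictionary<string, Func<ClaimsPrincipal, decimal, bool>> Policy =
        new Dictionary<string, Func<ClaimsPrincipal, decimal, bool>>
        {
            ["ViewReport"]   = (p, amount) => HasTrustedClaim(p, ClaimTypes.Role, "Employee"),
            ["ApproveOrder"] = (p, amount) =>
                HasTrustedClaim(p, ClaimTypes.Role, "Manager") && amount <= PurchasingLimit(p),
        };

    // Honor a claim only if the trusted STS asserted it. A claim the user asserted
    // about herself (Issuer != TrustedIssuer) is ignored, whatever it says.
    static bool HasTrustedClaim(ClaimsPrincipal p, string type, string value)
    {
        foreach (var c in p.FindAll(type))
            if (c.Issuer == TrustedIssuer && c.Value == value)
                return true;
        return false;
    }

    // Purchasing authority from the trusted STS; no trusted claim means no authority.
    static decimal PurchasingLimit(ClaimsPrincipal p)
    {
        foreach (var c in p.FindAll(PurchasingLimitClaim))
            if (c.Issuer == TrustedIssuer && decimal.TryParse(c.Value, out var limit))
                return limit;
        return 0m;
    }

    // An operation with no policy entry is denied by default.
    public static bool Authorize(ClaimsPrincipal p, string operation, decimal amount = 0m)
    {
        return Policy.TryGetValue(operation, out var rule) && rule(p, amount);
    }

    static ClaimsPrincipal Principal(params Claim[] claims)
    {
        // A non-null authenticationType marks the identity as authenticated.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Federation"));
    }

    static void Main()
    {
        // Constructed subjects. In a real deployment these claims come out of a token
        // the STS signed, and the token's signature, issuer, audience and expiry are
        // validated before a ClaimsPrincipal is ever built from it.
        var alice = Principal(
            new Claim(ClaimTypes.Name, "alice", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role, "Employee", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role, "Manager", ClaimValueTypes.String, TrustedIssuer),
            new Claim(PurchasingLimitClaim, "90000", ClaimValueTypes.Integer, TrustedIssuer));

        // Mallory asserts the Manager role and a large limit herself; the issuer is not the STS.
        var mallory = Principal(
            new Claim(ClaimTypes.Name, "mallory", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role, "Employee", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role, "Manager", ClaimValueTypes.String, "https://mallory.example"),
            new Claim(PurchasingLimitClaim, "1000000", ClaimValueTypes.Integer, "https://mallory.example"));

        Console.WriteLine(Authorize(alice, "ViewReport"));
        Console.WriteLine(Authorize(alice, "ApproveOrder", 85000m));   // within her $90K authority
        Console.WriteLine(Authorize(alice, "ApproveOrder", 95000m));   // exceeds her authority
        Console.WriteLine(Authorize(mallory, "ApproveOrder", 500m));   // Manager role not from the STS
        Console.WriteLine(Authorize(alice, "DeleteLedger"));           // no policy entry
    }
}
```

Alice is allowed to view reports and approve the $85K order but not the $95K one; Mallory is refused the $500 order despite carrying a "Manager" claim, because that claim's issuer is not the trusted STS; and the undefined DeleteLedger operation is refused for everyone. Raising Alice's limit or adding a new operation is a change to the policy table or to what the STS issues, not to the code that calls Authorize().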
Note that Microsoft's Zermatt tools are really a series of extensions to the .Net Framework, so again, they are geared only toward Windows apps. But they might serve as a proof of concept for those working on other operating systems who will eventually want to use a claims-based approach as well. At this point, Microsoft is not saying whether it will release the tools as open source, for example on CodePlex. The final version is expected to be available by year-end.
Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.